Solaris/Snare VMs

  1. #1
    Senior Member codenamevirus's Avatar
    Join Date
    Jun 2005
    Location
    Faridabad, Haryana, India
    Posts
    298

    Question Solaris/Snare VMs

    Hi

    I am on a project which requires building 3 VMware virtual machines, one for each of Solaris 10, 9 and 8 (in that order).

    Each VM should be configured with the Snare Agent for Solaris which should be configured for C2-level security auditing.

    In addition to the VMs, it's important to construct an implementation/setup document that describes how to install and configure Snare as well as the Solaris C2 auditing (noting where it might be different per OS version).

    Snare for Solaris can be used as a stand-alone auditing tool, or send data via UDP to a syslog server. For this project, it should be configured to log locally, but the documentation should clearly indicate where/how to configure it to send to a syslog server.


    So how do I go about that?
    CodeNameVirus

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Get an ESX server and load her up. Then load all the hosts on it..

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by oofki
    Get an ESX server and load her up. Then load all the hosts on it..
    Did you just tell him to go out and spend $5K so that he can run 3 VMs?

    I would say that VMware Workstation is the ultimate solution here, however given the extraordinary price they are charging for Workstation these days, VMware Server would be enough... given the cost of a server capable of running ESX ($5K) and the cost of licensing, it's neither realistic nor feasible.

    As phish said, the easiest thing to do is just write down everything you do... keep a log of every command you type, every box you check and then "translate" those commands into plain English (or language of your choice). Remember to keep track of options; if you are creating documentation, one of the key aspects to the process is to document possible options at each step, which options you recommend, which options are possible and any options that may break later steps.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    But I work for EMC. I had to say that lol.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    IIRC VMware only supports Solaris 10 but YMMV.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Quote Originally Posted by oofki
    But I work for EMC. I had to say that lol.
    No. You don't have to say that.

    I would suggest VMware Server (it supports 9 and 10). It's free and it's designed to handle a small number of servers. And while it only "supports" those, you'll probably find others have run on it (SirDice: supports is only if someone needs help from VMware to get a system up and running; doesn't mean you can't run earlier or later versions).

    This might help in regards to the syslog setup: http://www.aboutdebian.com/syslog.htm
    Last edited by MrLinus; June 27th, 2007 at 11:09 AM.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Ahh yes I forgot about the server. It is free. They yanked desktop that used to be free and give out that instead.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Quote Originally Posted by oofki
    Ahh yes I forgot about the server. It is free. They yanked desktop that used to be free and give out that instead.
    Desktop? Try GSX. That was a paid product but they made it free. Made more sense in regards to small businesses that don't quite need the power of ESX but that Workstation isn't sufficient for.

    OOfki, which area of EMC do you work for?

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by MsMittens
    (SirDice: supports is only if someone needs help from VMware to get a system up and running; doesn't mean you can't run earlier or later versions).
    Ah.. I never said it didn't work, it's just not supported, so there's no guarantee it will work 100%.. Hence YMMV (your mileage may vary)

    And with regards to workstation or server. Workstation is aimed at developers. It has some nice API hooks to control the VMs. You can create something in Visual Studio and instantly push it to a VM. You can create multiple snapshots of a VM and make changes, revert to a selected snapshot. Collaboration (share VMs) etc. You can even record everything a VM does and replay it (6.0). These things aren't in server.

    ESX is aimed at enterprises, it has neat things like VMOTION.
    Last edited by SirDice; June 27th, 2007 at 05:13 PM.

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Quote Originally Posted by SirDice
    Ah.. I never said it didn't work, it's just not supported, so there's no guarantee it will work 100%.. Hence YMMV (your mileage may vary)

    And with regards to workstation or server. Workstation is aimed at developers. It has some nice API hooks to control the VMs. You can create something in Visual Studio and instantly push it to a VM. You can create multiple snapshots of a VM and make changes, revert to a selected snapshot. Collaboration (share VMs) etc. You can even record everything a VM does and replay it (6.0). These things aren't in server.

    ESX is aimed at enterprises, it has neat things like VMOTION.
    Not yet they ain't

    And yes, VMotion is neat but requires shared storage (storage VMotion is supposed to be a one-time thing) and VC to run it. VI3 has a whole whack of neat things (e.g., HA, DRS, etc.)... and even more for the future.